National Vulnerability Database

CVE-2017-2743 Detail

Current Description

HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.

Source: MITRE      Last Modified: 01/23/2018

Quick Info

CVE Dictionary Entry: CVE-2017-2743
Original release date: 01/23/2018
Last revised: 02/13/2018
Source: US-CERT/NIST

Impact

CVSS Severity (version 3.0):
CVSS v3 Base Score: 6.1 Medium
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8

CVSS Version 3 Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6

CVSS Version 2 Metrics:
Access Vector: Network exploitable - Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification

References to Advisories, Solutions, and Tools

Hyperlink Resource Type Source Name
https://support.hp.com/us-en/document/c05541569 Vendor Advisory External Source HP HPSBPI03559

Technical Details

Vulnerability Type

  • Cross-Site Scripting (XSS) (CWE-79)

Vulnerable software and versions

Configuration 1
AND
OR
cpe:2.3:o:hp:cc419a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000901
OR
cpe:2.3:h:hp:cc419a:-:*:*:*:*:*:*:*
Configuration 2
AND
OR
cpe:2.3:o:hp:cc420a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000901
OR
cpe:2.3:h:hp:cc420a:-:*:*:*:*:*:*:*
Configuration 3
AND
OR
cpe:2.3:o:hp:cc421a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000901
OR
cpe:2.3:h:hp:cc421a:-:*:*:*:*:*:*:*
Configuration 4
AND
OR
cpe:2.3:o:hp:ce709a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000900
OR
cpe:2.3:h:hp:ce709a:-:*:*:*:*:*:*:*
Configuration 5
AND
OR
cpe:2.3:o:hp:ce708a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000900
OR
cpe:2.3:h:hp:ce708a:-:*:*:*:*:*:*:*
Configuration 6
AND
OR
cpe:2.3:o:hp:ce707a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000900
OR
cpe:2.3:h:hp:ce707a:-:*:*:*:*:*:*:*
Configuration 7
AND
OR
cpe:2.3:o:hp:ce503a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000904
OR
cpe:2.3:h:hp:ce503a:-:*:*:*:*:*:*:*
Configuration 8
AND
OR
cpe:2.3:o:hp:ce504a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000904
OR
cpe:2.3:h:hp:ce504a:-:*:*:*:*:*:*:*
Configuration 9
AND
OR
cpe:2.3:o:hp:ce738a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000904
OR
cpe:2.3:h:hp:ce738a:-:*:*:*:*:*:*:*
Configuration 10
AND
OR
cpe:2.3:o:hp:ce989a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000926
OR
cpe:2.3:h:hp:ce989a:-:*:*:*:*:*:*:*
Configuration 11
AND
OR
cpe:2.3:o:hp:ce990a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000926
OR
cpe:2.3:h:hp:ce990a:-:*:*:*:*:*:*:*
Configuration 12
AND
OR
cpe:2.3:o:hp:ce991a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000926
OR
cpe:2.3:h:hp:ce991a:-:*:*:*:*:*:*:*
Configuration 13
AND
OR
cpe:2.3:o:hp:ce992a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000926
OR
cpe:2.3:h:hp:ce992a:-:*:*:*:*:*:*:*
Configuration 14
AND
OR
cpe:2.3:o:hp:ce993a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000926
OR
cpe:2.3:h:hp:ce993a:-:*:*:*:*:*:*:*
Configuration 15
AND
OR
cpe:2.3:o:hp:ce994a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000926
OR
cpe:2.3:h:hp:ce994a:-:*:*:*:*:*:*:*
Configuration 16
AND
OR
cpe:2.3:o:hp:ce995a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000926
OR
cpe:2.3:h:hp:ce995a:-:*:*:*:*:*:*:*
Configuration 17
AND
OR
cpe:2.3:o:hp:ce996a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000926
OR
cpe:2.3:h:hp:ce996a:-:*:*:*:*:*:*:*
Configuration 18
AND
OR
cpe:2.3:o:hp:cf081a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000927
OR
cpe:2.3:h:hp:cf081a:-:*:*:*:*:*:*:*
Configuration 19
AND
OR
cpe:2.3:o:hp:cf082a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000927
OR
cpe:2.3:h:hp:cf082a:-:*:*:*:*:*:*:*
Configuration 20
AND
OR
cpe:2.3:o:hp:cf083a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000927
OR
cpe:2.3:h:hp:cf083a:-:*:*:*:*:*:*:*
Configuration 21
AND
OR
cpe:2.3:o:hp:l2717a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000903
OR
cpe:2.3:h:hp:l2717a:-:*:*:*:*:*:*:*
Configuration 22
AND
OR
cpe:2.3:o:hp:cd644a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000925
OR
cpe:2.3:h:hp:cd644a:-:*:*:*:*:*:*:*
Configuration 23
AND
OR
cpe:2.3:o:hp:cd645a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000925
OR
cpe:2.3:h:hp:cd644a:-:*:*:*:*:*:*:*
Configuration 24
AND
OR
cpe:2.3:o:hp:cf116a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000913
OR
cpe:2.3:h:hp:cf116a:-:*:*:*:*:*:*:*
Configuration 25
AND
OR
cpe:2.3:o:hp:cf117a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000913
OR
cpe:2.3:h:hp:cf117a:-:*:*:*:*:*:*:*
Configuration 26
AND
OR
cpe:2.3:o:hp:cc522a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000932
OR
cpe:2.3:h:hp:cc522a:-:*:*:*:*:*:*:*
Configuration 27
AND
OR
cpe:2.3:o:hp:cc523a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000932
OR
cpe:2.3:h:hp:cc523a:-:*:*:*:*:*:*:*
Configuration 28
AND
OR
cpe:2.3:o:hp:cc524a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000932
OR
cpe:2.3:h:hp:cc524a:-:*:*:*:*:*:*:*
Configuration 29
AND
OR
cpe:2.3:o:hp:cf235a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000922
OR
cpe:2.3:h:hp:cf235a:-:*:*:*:*:*:*:*
Configuration 30
AND
OR
cpe:2.3:o:hp:cf236a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000922
OR
cpe:2.3:h:hp:cf236a:-:*:*:*:*:*:*:*
Configuration 31
AND
OR
cpe:2.3:o:hp:cf238a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000922
OR
cpe:2.3:h:hp:cf238a:-:*:*:*:*:*:*:*
Configuration 32
AND
OR
cpe:2.3:o:hp:cd646a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000925
OR
cpe:2.3:h:hp:cd646a:-:*:*:*:*:*:*:*
Configuration 33
AND
OR
cpe:2.3:o:hp:cf118a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000913
OR
cpe:2.3:h:hp:cf118a:-:*:*:*:*:*:*:*
Configuration 34
AND
OR
cpe:2.3:o:hp:cf066a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000921
OR
cpe:2.3:h:hp:cf066a:-:*:*:*:*:*:*:*
Configuration 35
AND
OR
cpe:2.3:o:hp:cf067a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000921
OR
cpe:2.3:h:hp:cf067a:-:*:*:*:*:*:*:*
Configuration 36
AND
OR
cpe:2.3:o:hp:cf068a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000921
OR
cpe:2.3:h:hp:cf068a:-:*:*:*:*:*:*:*
Configuration 37
AND
OR
cpe:2.3:o:hp:cf069a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000921
OR
cpe:2.3:h:hp:cf069a:-:*:*:*:*:*:*:*
Configuration 38
AND
OR
cpe:2.3:o:hp:d3l08a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000931
OR
cpe:2.3:h:hp:d3l08a:-:*:*:*:*:*:*:*
Configuration 39
AND
OR
cpe:2.3:o:hp:d3l09a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000931
OR
cpe:2.3:h:hp:d3l09a:-:*:*:*:*:*:*:*
Configuration 40
AND
OR
cpe:2.3:o:hp:d3l10a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000931
OR
cpe:2.3:h:hp:d3l10a:-:*:*:*:*:*:*:*
Configuration 41
AND
OR
cpe:2.3:o:hp:a2w77a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000930
OR
cpe:2.3:h:hp:a2w77a:-:*:*:*:*:*:*:*
Configuration 42
AND
OR
cpe:2.3:o:hp:a2w78a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000930
OR
cpe:2.3:h:hp:a2w78a:-:*:*:*:*:*:*:*
Configuration 43
AND
OR
cpe:2.3:o:hp:a2w79a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000930
OR
cpe:2.3:h:hp:a2w79a:-:*:*:*:*:*:*:*
Configuration 44
AND
OR
cpe:2.3:o:hp:a2w76a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000928
OR
cpe:2.3:h:hp:a2w76a:-:*:*:*:*:*:*:*
Configuration 45
AND
OR
cpe:2.3:o:hp:a2w75a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000928
OR
cpe:2.3:h:hp:a2w75a:-:*:*:*:*:*:*:*
Configuration 46
AND
OR
cpe:2.3:o:hp:d7p70a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000928
OR
cpe:2.3:h:hp:d7p70a:-:*:*:*:*:*:*:*
Configuration 47
AND
OR
cpe:2.3:o:hp:d7p71a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000928
OR
cpe:2.3:h:hp:d7p71a:-:*:*:*:*:*:*:*
Configuration 48
AND
OR
cpe:2.3:o:hp:cf367a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000916
OR
cpe:2.3:h:hp:cf367a:-:*:*:*:*:*:*:*
Configuration 49
AND
OR
cpe:2.3:o:hp:cz244a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000920
OR
cpe:2.3:h:hp:cz244a:-:*:*:*:*:*:*:*
Configuration 50
AND
OR
cpe:2.3:o:hp:cz245a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000920
OR
cpe:2.3:h:hp:cz245a:-:*:*:*:*:*:*:*
Configuration 51
AND
OR
cpe:2.3:o:hp:b5l04a_firmware:*:*:*:*:*:*:*:*    versions up to (excluding) 2308214_000902
Showing 100 of 176 CPEs.

Change History: 1 change record found